“Anonymized” data really isn’t—and here’s why not

The Massachusetts Group Insurance Commission had a bright idea back in the mid-1990s—it decided to release "anonymized" data on state employees that showed every single hospital visit. The goal was to help researchers, and the state spent time removing all obvious identifiers such as name, address, and Social Security number. But a graduate student in computer science saw a chance to make a point about the limits of anonymization.

Latanya Sweeney requested a copy of the data and went to work on her "reidentification" quest. It didn't prove difficult. Law professor Paul Ohm describes Sweeney's work:

At the time GIC released the data, William Weld, then Governor of Massachusetts, assured the public that GIC had protected patient privacy by deleting identifiers. In response, then-graduate student Sweeney started hunting for the Governor’s hospital records in the GIC data. She knew that Governor Weld resided in Cambridge, Massachusetts, a city of 54,000 residents and seven ZIP codes. For twenty dollars, she purchased the complete voter rolls from the city of Cambridge, a database containing, among other things, the name, address, ZIP code, birth date, and sex of every voter. By combining this data with the GIC records, Sweeney found Governor Weld with ease. Only six people in Cambridge shared his birth date, only three of them men, and of them, only he lived in his ZIP code. In a theatrical flourish, Dr. Sweeney sent the Governor’s health records (which included diagnoses and prescriptions) to his office.

Such work by computer scientists over the last fifteen years has shown a serious flaw in the basic idea behind "personal information": almost all information can be "personal" when combined with enough other relevant bits of data.

That's the claim advanced by Ohm in his lengthy new paper on "the surprising failure of anonymization." As increasing amounts of information on all of us are collected and disseminated online, scrubbing data just isn't enough to keep our individual "databases of ruin" out of the hands of the police, political enemies, nosy neighbors, friends, and spies.

If that doesn't sound scary, just think about your own secrets, large and small—those films you watched, those items you searched for, those pills you took, those forum posts you made. The power of reidentification brings them closer to public exposure every day. So, in a world where the PII concept is dying, how should we start thinking about data privacy and security?

Don't ruin me

Examples of the anonymization failures aren't hard to find.

When AOL researchers released a massive dataset of search queries, they first "anonymized" the data by scrubbing user IDs and IP addresses. When Netflix made a huge database of movie recommendations available for study, it spent time doing the same thing. Despite scrubbing the obviously identifiable information from the data, computer scientists were able to identify individual users in both datasets. (The Netflix team then moved on to Twitter users.)

In AOL's case, the problem was that user IDs were scrubbed but were replaced with a number that uniquely identified each user. This seemed like a good idea at the time, since it allowed researchers using the data to see the complete list of a person's search queries, but it also created problems; those complete lists of search queries were so thorough that individuals could be tracked down simply based on what they had searched for. As Ohm notes, this illustrates a central reality of data collection: "data can either be useful or perfectly anonymous but never both."

The Netflix case illustrates another principle, which is that the data itself might seem anonymous, but when paired with other existing data, reidentification becomes possible. A pair of computer scientists famously proved this point by combining movie recommendations found on the Internet Movie Database with the Netflix data, and they learned that people could quite easily be picked from the Netflix data.

Such results are obviously problematic in a world where Google retains data for years, "anonymizing" it after a certain amount of time but showing reticence to fully delete it. "Reidentification science disrupts the privacy policy landscape by undermining the faith that we have placed in anonymization," Ohm writes. "This is no small faith, for technologists rely on it to justify sharing data indiscriminately and storing data perpetually, all while promising their users (and the world) that they are protecting privacy. Advances in reidentification expose these promises as too often illusory."

For users, the prospect of some secret leaking to the public grows as databases proliferate. Here is Ohm's nightmare scenario: "For almost every person on earth, there is at least one fact about them stored in a computer database that an adversary could use to blackmail, discriminate against, harass, or steal the identity of him or her. I mean more than mere embarrassment or inconvenience; I mean legally cognizable harm. Perhaps it is a fact about past conduct, health, or family shame. For almost every one of us, then, we can assume a hypothetical 'database of ruin,' the one containing this fact but until now splintered across dozens of databases on computers around the world, and thus disconnected from our identity. Reidentification has formed the database of ruin and given access to it to our worst enemies."

Because most data privacy laws focus on restricting personally identifiable information (PII), most data privacy laws need to be rethought. And there won't be any magic bullet; the measures that are taken will increase privacy or reduce the utility of data, but there will be no way to guarantee maximal usefulness and maximal privacy at the same time.

There are approaches that can reduce problems. Instead of releasing these huge anonymized databases, for instance, make them interactive, or have them report most results in the aggregate. (But such techniques sharply limit the usefulness of the data.)

Ohm's alternative is an admittedly messier system, one that can't be covered with simple blanket laws against recording Social Security numbers or releasing people's names and addresses. Such an approach has failed, and now looks like playing "Whac-A-Mole" with personal data. "The trouble is that PII is an ever-expanding category," writes Ohm. "Ten years ago, almost nobody would have categorized movie ratings and search queries as PII, and as a result, no law or regulation did either." Expanding privacy rules each time some new reidentification technique emerges would be unworkable.

Instead, regulators will need to exercise more judgment, weighing harm against benefits, and the rules may turn out to be different for crucial systems like healthcare. At the same time, the US needs comprehensive legislation on data privacy to set a minimum threshold for all databases, since Netflix, AOL, and others have made clear that we have no real idea in advance which pieces of seemingly harmless data will turn out to identify us and our secrets.

Just because there are high-profile commercial failures does not mean that anonymization is impossible. The Census Bureau does it all the time in generating the publicly available microdata, and there are no high-profile breaches of this data.

This is a heavily researched area in computer science and statistics right now (particularly in the database community). Search for terms like "K-anonymity" and "L-diversity". All the attacks you cite are standard quasi-identifier attacks addressed by suitable K-anonymity protection.

The real issue is the trade-off of utility and anonymity. The more you anonymize the data, the less useful it is for actually trying to learn any meaningful statistics (duh). The census bureau believes that we should be thankful for whatever microdata they release, so they will scrub the hell out of it. Companies want to sell data, in which case the data needs to retain its value. Hence they cut corners.

To be honest, I'm astonished by the massive and terrified concern for people being able to 'be found.' It shows a kind of self-obsession and sense of self-importance that really has no place in society. There are 300 million people in this country - do you have any idea how long it would take to analyze the 'anonymized' data of all of them? Constantly repeating this story in this tone perpetuates the idiotic belief that someone, somewhere is interested (or, as noted, has the freaking time) to pore through our lives and find embarrassing information about us - and further, that they have the ability and resources to make this *uncomfortable* for us.

What exactly is it we are afraid is going to happen? Someone will find out about our intimate romantic desires? That we are still interested in an old spouse? We have at times explored an interest in self destructive behaviours, be it through controlled substances or other means?

It's hilarious to me that often the same people who are constantly arguing against secrecy, centralized control of information and compartmentalization also stand by and insist that each individual should be able to move anonymously through the world and conduct their lives without regard for a record of their actions (because none should be made).

I don't really have an opinion on 'right to privacy' - but I think the obsession with it is really just a kind of personal mania about the secret double-lives we live. Not having 'privacy' would very quickly open up many relationships, and I believe ultimately improve our lives by dispelling so many stereotypes and prejudices in our society related to thought.

The fundamental fact is the only legitimate worry about privacy is identity theft - which is first a technical problem with resolving identity theft (which is to say, it's too hard to do this) and b) if everyone already knows everything about you - your identity can't be stolen, because you can't impersonate someone you know!

Instead of fixing this by walling off more information, why not fix identity theft as a problem? Why is your (assumed) pristine credit report which can be fixed (with a considerable amount of effort) so important to you? Do you know that consumer borrowing doesn't make financial sense anyway - in which case your credit report has no use?

This is why I and many others in my generation that I know of simply just assume that everything we do is public data for those who really want it, be it a list of purchases on a credit card, any forum posts or a Facebook profile.

I can really see the issue with usable statistics versus anonymous data. Currently the weight is more aligned toward usable statistics, at least when it comes to data that's in possession of commercial entities, as they are looking for a way to sell or otherwise benefit from sharing the data.

I do hope that researchers in statistics and specifically databases will come up with a better way to cope with the problem at hand but until then I will have to keep multiple accounts around the internet, only buy and use anonymous cellphones, encrypt and tunnel my internet traffic, etc to keep at least the online portion of my "database of ruin" at bay. If I'm really paranoid I will probably have to create a multiple of fake identities or avoid banks and hospitals altogether. That's insane.

For now, the simplest thing for me to do is to just assume that my "database of ruin" exists and is +R for all (and even +W for many!). My only protection right now is the amount of energy anyone would have to use in order to actually harvest all the relevant data from all the places. It's not much, but it could be worse.

It's not 1984 yet. And I believe we will be able to solve the problems with the amount of data that is being collected in our modern world. I still have faith.

Karoch Sharon - Instead of fixing this by walling off more information, why not fix identity theft as a problem? Why is your (assumed) pristine credit report which can be fixed (with a considerable amount of effort) so important to you? Do you know that consumer borrowing doesn't make financial sense anyway - in which case your credit report has no use?

Your rather blase attitude toward the simple fact of human dignity of personal privacy almost makes me think you work for the government. Identity theft is merely one problem. Credit reports are not only a pain over which most of us have virtually no control, but the failure of the reporting companies may in fact cost people employment (or employment opportunities). If you live in a vacuum, your credit report may have no use. Most of us deal in a broader world where someone's word is simply NOT what it used to be (Madoff, anyone?). I, for one, do not particularly want ALL my information in your (or anyone else's) hands; nor the government; nor big business; and in fact, would prefer that I have more control over who could even collect and resell it...credit reporting companies included. After all...it's about MY life...not theirs.

It's amusing that this web site is running scripts from google-analytics.com and googleapis.com with this article.

I think the best we can do is to slow down the loss of privacy, while putting some thought into protections on the use and abuse of personal data. We shouldn't allow companies or governments to stifle free speech or our lives in general with blackmail (getting fired, arrested, etc.). Before the internet, you could grumble about your employer in private, but now if you do on the internet thinking that it is private and the company reidentifies you, then that is legal grounds to be fired. Already, you can be placed on a permanent list (sex offenders) that ruins the rest of your life. Having bad credit or an arrest record soon will be another permanent black mark (maybe it is already); if no one hires you because of bad credit, how do you recover? What happened to getting another chance to straighten out your life?

It seems programmers of today are just more stupid than those of yesteryear. Not trying to be offending here, but it's true.

So many times, I hear "So why don't we just encrypt it?" as the "solution" to pass/display "anonymous" data. I'm going to start pointing to this article as a good resource of why it can't be done.

"data can either be useful or perfectly anonymous but never both."That's a perfect quote, and all programmers today should learn from it. It's 100% true.

However, there are steps one can take to emulate anonymously useful, although never perfect as someone with the resources *will always* find a way:

-Never use any part of the DOB. Use age *rounded up*. Then add 2 years. The adding of 2 years doesn't skew most reports, but use common sense if those age ranges are too narrow to warrant a 2 year increase.

-Never use zip code. Use county. Better approach: use a quad system by breaking the state(s) into 4 parts. Best approach: don't use a system which targets user locations.

-Never, under *ANY* circumstance, encrypt a user account number, in whole or in part, (SSN, CC, etc) and think it's safe. Only idiots do this and quickly find out how bad this decision was. If a user account number is in the data under any form, it is no longer anonymous. Learn from this now before getting bit tomorrow.

Working in the credit industry has given me insight on why the quote about useful data is 100% accurate. No matter how much one tries to tell the client the data is no longer anonymous, the more they'll push back wanting even MORE collectible information.

And with that, expect breaches on massive scales to continue because programmers think "encryption = anonymous" without understanding the data they're sending under the guise of a "report".
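An added example, not part of the article or of any post in this thread: a release audit that measures the "K-anonymity" and "L-diversity" named in the comments over the ZIP code, birth date and sex combination from the Weld case, before and after coarsening the date and location fields as suggested above. The records are constructed, and the 10-year age bands and 3-digit ZIP prefixes are assumed generalizations standing in for the age and county advice.

```python
from collections import defaultdict
from datetime import date

# Constructed sample release: names removed, quasi-identifiers left in.
RELEASE = [
    {"zip": "02138", "dob": "1950-04-15", "sex": "M", "diagnosis": "hypertension"},
    {"zip": "02138", "dob": "1950-04-15", "sex": "F", "diagnosis": "asthma"},
    {"zip": "02139", "dob": "1950-04-15", "sex": "M", "diagnosis": "diabetes"},
    {"zip": "02139", "dob": "1951-03-12", "sex": "M", "diagnosis": "hypertension"},
    {"zip": "02140", "dob": "1962-11-02", "sex": "F", "diagnosis": "asthma"},
    {"zip": "02141", "dob": "1960-05-05", "sex": "F", "diagnosis": "asthma"},
    {"zip": "02142", "dob": "1971-09-09", "sex": "M", "diagnosis": "fracture"},
    {"zip": "02140", "dob": "1975-02-14", "sex": "M", "diagnosis": "migraine"},
    {"zip": "02141", "dob": "1949-12-25", "sex": "F", "diagnosis": "arthritis"},
]
AS_OF = date(1997, 1, 1)             # constructed reference date for ages
RAW_QI = ("zip", "dob", "sex")       # quasi-identifiers as released
GEN_QI = ("zip", "age_band", "sex")  # quasi-identifiers after generalization


def classes(records, quasi_ids):
    """Group records into equivalence classes keyed by quasi-identifier values."""
    groups = defaultdict(list)
    for rec in records:
        groups[tuple(rec[q] for q in quasi_ids)].append(rec)
    return dict(groups)


def k_anonymity(records, quasi_ids):
    """Size of the smallest class; k == 1 means someone is unique."""
    return min(len(g) for g in classes(records, quasi_ids).values())


def unique_records(records, quasi_ids):
    """Number of records that are alone in their class (linkable one-to-one)."""
    return sum(1 for g in classes(records, quasi_ids).values() if len(g) == 1)


def l_diversity(records, quasi_ids, sensitive="diagnosis"):
    """Fewest distinct sensitive values found in any class."""
    return min(len({r[sensitive] for r in g})
               for g in classes(records, quasi_ids).values())


def homogeneous_classes(records, quasi_ids, sensitive="diagnosis"):
    """Classes of size > 1 whose members all share one sensitive value.

    Nobody in such a class is unique, yet matching the class still
    reveals the sensitive value: the gap l-diversity is meant to catch.
    """
    return sorted(key for key, g in classes(records, quasi_ids).items()
                  if len(g) > 1 and len({r[sensitive] for r in g}) == 1)


def generalize(rec, as_of=AS_OF, band=10, zip_digits=3):
    """Replace the birth date with an age band and truncate the ZIP code."""
    year, month, day = (int(p) for p in rec["dob"].split("-"))
    # Subtract one if the birthday has not yet occurred in the reference year.
    age = as_of.year - year - ((as_of.month, as_of.day) < (month, day))
    low = age // band * band
    out = {k: v for k, v in rec.items() if k != "dob"}
    out["age_band"] = f"{low}-{low + band - 1}"
    out["zip"] = rec["zip"][:zip_digits] + "*" * (len(rec["zip"]) - zip_digits)
    return out


def audit(records, quasi_ids):
    """Summarize the re-identification risk of one candidate release."""
    return {
        "k": k_anonymity(records, quasi_ids),
        "l": l_diversity(records, quasi_ids),
        "unique": unique_records(records, quasi_ids),
        "homogeneous": homogeneous_classes(records, quasi_ids),
    }


if __name__ == "__main__":
    print("raw        ", audit(RELEASE, RAW_QI))
    print("generalized", audit([generalize(r) for r in RELEASE], GEN_QI))
```

On this sample the raw release leaves every record unique, while the generalized one reaches k = 2 but still contains a class in which both records carry the same diagnosis, so l stays at 1.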

Originally posted by Karoch Sharon: Instead of fixing this by walling off more information, why not fix identity theft as a problem? Why is your (assumed) pristine credit report which can be fixed (with a considerable amount of effort) so important to you? Do you know that consumer borrowing doesn't make financial sense anyway - in which case your credit report has no use?

It's not that my credit report is important to me, it's that my credit report (or more accurately my credit score) is important to others -- companies willing to lend me money. I need a good credit score if I want to buy a house/car/etc. or in some instances get a job (this I don't agree with btw). I don't know about you but, most people don't have the liquid assets needed to purchase a house or car outright, therefore we need credit.

Originally posted by Karoch Sharon: To be honest, I'm astonished by the massive and terrified concern for people being able to 'be found.' It shows a kind of self-obsession and sense of self-importance that really has no place in society. There are 300 million people in this country - do you have any idea how long it would take to analyze the 'anonymized' data of all of them? Constantly repeating this story in this tone perpetuates the idiotic belief that someone, somewhere is interested (or, as noted, has the freaking time) to pore through our lives and find embarrassing information about us - and further, that they have the ability and resources to make this *uncomfortable* for us.

Have you ever had a jilted lover? Co-worker who you had a disagreement with? Have you done *anything* which ever could be considered to be questionable, even if not illegal?

All it takes is one person with such a motive, who could then do everything from getting you fired from your current job, ostracized from your community, perhaps even put into jail.

Combine this with computer technology, and suddenly 300 million isn't that many records. I can think of many companies which would love to have this information (Advertisers, the Government, Banks, your Employer...)

quote:

The fundamental fact is the only legitimate worry about privacy is identity theft - which is first a technical problem with resolving identity theft (which is to say, it's too hard to do this) and b) if everyone already knows everything about you - your identity can't be stolen, because you can't impersonate someone you know!

Really? So someone across the country will know you by sight? That's what would be required to prevent identity theft. Ask the Life Lock CEO, who had his identity stolen (despite the "best" protections available against having such an event happen).

Search engines are used for so many things today that given an "anonymous" profile of a user there are going to be a lot of hints about who they are. What address do they use as the starting point for driving directions? What zip code do they check for the weather and movie times? Have they ever accidentally typed in their username or a password in the search field rather than in a site input? What company page is set as their home page or what stocks do they check? And, of course, Google or Yahoo might also be associating their instant messaging, email, photographs, calendar, and video uploads with their "anonymous" ID.

The fundamental fact is the only legitimate worry about privacy is identity theft

Sorry but are you insane? Do you want everyone to be able to find out what you have in your bank account, what you watch or view on the Internet what you do with your wife (or the wife of someone else) what diseases you might have, whom you call, what you buy etc. pp.?

No, identity theft is NOT the only legitimate worry. It would be crazy to believe that one person/organisation/agency is going through all the data and explicitly targets you. (Because of this I have no big problem with a huge agency like Google knowing my data) On the other hand almost EVERYBODY has SOMEONE who would like to know things about you, you do not want him to know. This may be your girlfriend, the colleague you compete with, your employer etc. And it's frighteningly easy to find out sensitive information.

When you and your children are trying to hide from an abusive spouse, do you really want him to be able to find you? Do you really want such people to know where the battered women's shelter is located? There are all sorts of valid reasons for ordinary citizens to keep their information private. In fact it should be every individual's right to decide what information is private and what isn't. Ego and self-centeredness have nothing to do with it. It is about control. Do you want to control your life or do you want the corporations and governments to control your life?

The world has spent so long coming up with ways to make it easier to categorize things (name, dob, zip, etc), analyze data, etc ... now we're trying to find ways to over-complicate it or re-invent the wheel for the sake of cryptography. Feels like we're spinning our wheels here.

What I find ironic is that the companies I've done data analysis for, even companies of the same type, have dreamt up their own data categorizations. So, when you're trying to cross-compare info you have to scrub and equalize things first. Even departments in the same company can't get their data coordinated. And yet this person gets some medical records and pays for some address info and ... *BAM* "I know what you did last summer".

It would be crazy to believe that one person/organisation/agency is going through all the data and explicitly targets you. (Because of this I have no big problem with a huge agency like google knowing my data)

Originally posted by Tundro Walker: What I find ironic is that the companies I've done data analysis for, even companies of the same type, have dreamt up their own data categorizations. So, when you're trying to cross-compare info you have to scrub and equalize things first. Even departments in the same company can't get their data coordinated. And yet this person gets some medical records and pays for some address info and ... *BAM* "I know what you did last summer".

The difference is that you are talking about systemically harmonizing data in ways that machines can understand them. The article is about an intelligent entity pursuing information in a much more limited fashion.

ikiabsbwihbtdtiwthpmtuuthahetkuwtcbonatwaathpka*. i mean i read this site daily and i have never heard of the acronym pii before.

*i know its already been said but would it have been too difficult to include what the hell pii means to us users that have a hard enough time keeping up with the constant barrage of new acronyms that we are assumed to have prior knowledge about.

I didn't want to say it like that but you are right. Luckily we now know that PII means Personally Identifiable Information, thanks to a few kind forum members. For scientific articles it's common practice to explain every acronym, even the obvious ones. It's always possible that the author means something else than the reader thinks.

Originally posted by Tsa Szymborska: I didn't want to say it like that but you are right. Luckily we now know that PII means Personally Identifiable Information, thanks to a few kind forum members. For scientific articles it's common practice to explain every acronym, even the obvious ones. It's always possible that the author means something else than the reader thinks.

For those that have posted along the lines of "where is this right to privacy exactly?"... I'm afraid you have shown your real colors as anti-abortionists... As the entire basis of Roe v Wade was the implied right to privacy.

You kill the concept of right to privacy at the peril of choice.

I have no intention to say what side of the fence I am on. I just wanted to point out the ramifications.

Originally posted by gsfprez: For those that have posted along the lines of "where is this right to privacy exactly?"... I'm afraid you have shown your real colors as anti-abortionists... As the entire basis of Roe v Wade was the implied right to privacy.

You kill the concept of right to privacy at the peril of choice.

I have no intention to say what side of the fence I am on. I just wanted to point out the ramifications.

Right to privacy against the government may not always equate right to privacy against privately owned corporations.

You seem to be arguing that most secrets should be kept secret for a myriad of reasons.

I think there's some truth to this, but I think that in a world without secrets at all (a world which we are _not_ in right now, duh), the arguments don't make sense. Let me go over the arguments I perceive.

One of them is blackmail; but blackmail only enters into the equation when someone who wants to hurt you knows a secret that is still secret to the rest of the world. A complete lack of privacy where _everyone's_ secrets are only a google away nicely eliminates blackmail, since you cannot threaten to reveal something which is already public. Right?

Then there's the fact that secrets can hurt you in the first place...this is only because people would think differently of you if they knew something which you have kept secret from them. But if everyone has skeletons in the closet, everyone is on equal footing. Sure, your wife may now know that you were bisexual in college, and your coworkers may make jokes about it, but you know which of them are wifebeaters, and which of them didn't finish high school till they were 20. Traditionally, secrets are a problem because if someone finds out about yours, you'll be at a disadvantage, but that won't be the case if it is no longer just your secrets, but everyone's, that are out and about.

This also has positive ramifications for trust; Madoff could not have happened, had he not kept secrets. You'll know how your banker got his job and whether he's worth his salt. You'll never risk a president lying to the public about who he got blown by.

And if anything, right now, those people whose secrets are found out are at an unfair disadvantage, because the rest of us are able to deceive the world while they were not...because they are the few, the unlucky, and ruinous information is so uncommon, they are hit many times harder than they ought to be, because hey, the rest of us probably did something just as bad at some point. If everyone's secrets were out, the moral barometer would simply realign to the new "badness pressure", so to speak, and things we consider "bad" now would hardly be an issue.

After all, it's not like we would no longer need bankers, insurers, doctors, politicians, and other people in high-trust positions. And perhaps, quite fairly, the people who actually _have_ no skeletons in the closet would rise to the top, far above the rest of us who scheme to keep things secret. It would fill in the powerful positions with people who _actually deserve it_ rather than just people who seem to deserve it because we don't know of all the bad things they've done.

And in the end...should an individual have the right to lie and deceive to the detriment of others? Do you really want to allow yourselves to be cheated so badly? To me, a more puritan meritocracy really doesn't seem so bad, and it seems like it would allow a lot of people to suppress a lot less emotion.

So I'm with Karoch Sharon most of the way...a world without secrets wouldn't be so bad.

However, right now, we're in a world where but a few people may soon, typically a few technically proficient experts, be able to find out ruinous information about their adversaries and enemies. This, I do fear. I fear being found out before everyone else is. The end point, where all is revealed...that's ok. But I'd rather not be the only guy at the office caught with my pants hanging around down by my ankles, so to speak.

Originally posted by gsfprez: For those that have posted along the lines of "where is this right to privacy exactly?"... I'm afraid you have shown your real colors as anti-abortionists... As the entire basis of Roe v Wade was the implied right to privacy.

You kill the concept of right to privacy at the peril of choice.

I have no intention to say what side of the fence I am on. I just wanted to point out the ramifications.

Right to privacy against the government may not always equate right to privacy against privately owned corporations.

Just sayin'.

Not sayin' which side I'm on either..

which are you afraid of not having privacy from? Corporations or governments?

Cause there is a long long list of problems associated with one, and a list en potentia with the other.

The most damaging data, and often the easiest to obtain, lie in court documents which are, by definition, public records. It is nearly impossible to electronically redact critical information from these files. Especially the paper ones at the court house. Bankruptcy and divorce filings are particularly revealing.

"To be honest, I'm astonished by the massive and terrified concern for people being able to 'be found.' It shows a kind of self-obsession and sense of self-importance that really has no place in society... What exactly is it we are afraid is going to happen? "

Well Karoch Sharon, I feel the same way as you. We must be soul mates -- you and I. Sounds like we'll have a grand old time together. Let's see now... Last 100 Google searches? Check. Photo? Check. Employment records? Check. Address? Check!

Karoch Sharon - Instead of fixing this by walling off more information...

Your rather blase attitude toward the simple fact of human dignity of personal privacy almost makes me think you work for the government. Identity theft is merely one problem. Credit reports are not only a pain over which most of us have virtually no control, but the failure of the reporting companies may in fact cost people employment (or employment opportunities). If you live in a vacuum, your credit report may have no use. Most of us deal in a broader world where someone's word is simply NOT what it used to be (Madoff, anyone?). I, for one, do not particularly want ALL my information in your (or anyone else's) hands; nor the government; nor big business; and in fact, would prefer that I have more control over who could even collect and resell it...credit reporting companies included. After all...it's about MY life...not theirs.

You know you're arguing with a rational and logical person when...they respond to your ideas with paranoia about the government!

I understand what you meant, but leading off with a pathos appeal like that isn't helping your argument.

I'll respond to the rest of your points later, but my broad impression is this: you want control. You want to control your information, control what others know about you, when they know it, how they come to know and whether they are allowed to know it. How can this possibly be a good thing? First of all, it's doomed to fail. Second, I've never been in a situation where any person was focused on controlling something that was a positive one. I find it telling that you didn't actually offer a reason why you need all this control over 'your information' - this usually indicates that the reasoning hasn't been thought through. I'd submit that it is the same self-possession, along with a healthy dose of fear (baseless or otherwise) that motivates this, and not any sound logical or ethical principle.

That said, we'll move on to the details. The biggest example of 'invasion of privacy' you point out is the credit report. I suppose my response is; assuming everything on the credit report is true, what's wrong with an employer having it? It might indicate a person has made mistakes, or is irresponsible? Isn't this exactly the kind of thing which could've prevented a Bernie Madoff-type situation? (I know it wouldn't've, but if there was some kind of reliable character indicator for Madoff, and it had been available to his investors - don't you think they would've passed on him)? You've already made the case that incompetent people being given positions they shouldn't've is a bad thing for society (not just Wall Street fatcats). If I have a messy credit history, this is an indicator to any prospective employer that I have a history of irresponsibility. Having a job is almost *entirely* about responsibility, so this is a great indicator. But can't people change? Of course they can! And so can credit histories - they reset every 7 years, or so. (I'd prefer this interval were shorter, but the very little I know about credit reports and the way they are read indicates to me that most banks are willing to overlook past mistakes up to and including bankruptcy assuming a clean recent history of as little as a year - or less in some cases).

Ultimately, I think you're less concerned about keeping your past private than you are about facing it. Somewhere along the way 'freedom' got translated into 'lack of accountability' - and I don't think that this is at all what freedom means. I was raised, for better or worse, to equate accountability with freedom. And in my experience, the greatest expressions of freedom are just that. Watergate; where two ordinary citizens exposed corruption and held a person obsessed with control to account. It is when people are not accountable that freedom disappears, and is replaced with tyranny. Why is it bad that companies can see your credit history? Because they might find out about the embarrassing mistakes you made. This is just my point - perhaps, if we weren't all so obsessed with keeping the secrets, we would be more willing to confront our mistakes, realize that we aren't alone in making them, and be able to respond to them more proactively.

I don't deny that major reforms need be made. Credit reporting should be a lot more uniform; more democratized and more decentralized. I'd really like to see an "open-source" credit bureau (sp?) kind of hybridized between Wikipedia and OpenID. I don't think it's good for any individual to feel ashamed about anything; and I don't think it's good for any person in society to feel it's OK to ostracize someone for pursuing something which isn't 'accepted.' I believe the best way to overcome these failings of our society is exposure; not more secrecy.

quote:

Originally posted by skicow:

quote:

Originally posted by Karoch Sharon: Instead of fixing this by walling off more information, why not fix identity theft as a problem? Why is your (assumed) pristine credit report which can be fixed (with a considerable amount of effort) so important to you? Do you know that consumer borrowing doesn't make financial sense anyway - in which case your credit report has no use?

It's not that my credit report is important to me, it's that my credit report (or more accurately my credit score) is important to others -- companies willing to lend me money. I need a good credit score if I want to buy a house/car/etc. or in some instances get a job (this I don't agree with btw). I don't know about you but, most people don't have the liquid assets needed to purchase a house or car outright, therefore we need credit.

You actually don't need a credit score to buy a house; and you don't need to borrow money to buy a car. As indicated by the Cash for Clunkers program - about 250,000 cars are sold every quarter in America with a purchase price of less than $4,500. If you can afford a loan for a car, you can afford a $4,500 down payment. If you can't afford a loan for a car - you won't get one, so what's the credit report needed for. Many (if not most) local community banks will give you a mortgage loan without a credit history if you have a good income history, character references, etc. Certainly a little more work than the standard mortgage, but it also means you'll probably have a better relationship with the lender. I'm on the fence on the job thing - on the one hand, I think it's a stupid judge of character; on the other, there are countless studies that indicate that an (accurate) credit report is a very good predictor of responsibility and character. I say that with the caveat of accurate, and agree that the credit reporting system should be reformed (starting with shredding up the current agencies).

Consumer Credit does not make financial sense. It is too much risk, for absolutely no reward. It's literally gambling. There is no economy of scale, no risk pool. You are putting a loaded gun to your financial head if you take out consumer loans. It's not necessary, and it's potentially disastrous. Do people make out OK? Absolutely - but as you can see in the default numbers, all it takes is one bad turn for you to go from 'riding high' to collections.

quote:

Originally posted by disposableidentity: "To be honest, I'm astonished by the massive and terrified concern for people being able to 'be found.' It shows a kind of self-obsession and sense of self-importance that really has no place in society... What exactly is it we are afraid is going to happen? "

Well Karoch Sharon, I feel the same way as you. We must be soul mates -- you and I. Sounds like we'll have a grand old time together. Let's see now... Last 100 Google searches? Check. Photo? Check. Employment records? Check. Address? Check!

Put some tea on for me, I'll be right over : )

Sure! I drink To Life from Teavanna! Door's open. I actually don't use Google, but I take your meaning. I refuse to live my life in fear of others finding things out about me. I understand why a person would be afraid, but I also know that you're more likely to die in a car accident - and that doesn't keep people from getting in cars. They do wear seat-belts - which is why I think, when it comes to privacy, a person should be smart, but not fearful.

quote:

Originally posted by JPan:

quote:

The fundamental fact is the only legitimate worry about privacy is identity theft

Sorry but are you insane? Do you want everyone to be able to find out what you have in your bank account, what you watch or view on the Internet what you do with your wife (or the wife of someone else) what diseases you might have, whom you call, what you buy etc. pp.?

No Identity theft is NOT the only legitimate worry. It would be crazy to believe that one person/organisation/agency is going through all the data and explicitly targets you. (Because of this I have no big problem with a huge agency like google knowing my data) On the other hand almost EVERYBODY has SOMEONE who would like to know things about you, you do not want him to know. This may be your girlfriend, the colleague you compete with, your employer etc. And it's frighteningly easy to find out sensitive information.

This is just my point. Who is 'everyone.' Aside from the fact that I am sure to be ostracized by the privacy gestapo for having this belief (to 'teach me a lesson about openness'), I am simply not that interesting a person. I'm not wealthy, I don't hoard money or items, I'm not particularly materialistic. If someone were to rob me the important things I would lose are irreplaceable, and the rest is just stuff. There are people who would like to know things about me; and I would like them to believe that I am open enough that they should feel comfortable enough to ask me outright, instead of feeling they need to hide their curiosity. I personally like to be known; I like it when people are curious about me - it usually means they are interested in me. I *do* want people to know about my mistakes and my misfortunes, because I would like them to be spared the same kind of pain I have experienced. I'm not so hateful of the world that I want everyone to suffer in exactly the same ways I have. Am I proud of everything I've done, do now or will do one day - no, of course not. But I don't think hiding from those mistakes is the best way to handle them. I learned that in kindergarten.

quote:

Originally posted by North00: To Karoch Sharon:

When you and your children are trying to hide from an abusive spouse, do you really want him to be able to find you? Do you really want such people to know where the battered women's shelter is located? There are all sorts of valid reasons for ordinary citizens to keep their information private. In fact it should be every individual's right to decide what information is private and what isn't. Ego and self-centeredness have nothing to do with it. It is about control. Do you want to control your life or do you want the corporations and governments to control your life?

I suppose I'd like to think that someone who felt the need to do violence to others would be able to get the help they need to feel secure enough in themselves that they no longer felt those urges. I don't *want* violence to befall any person, regardless of their beliefs. Again, I don't think that keeping the violence secret (which is usually the kind of 'privacy' you are talking about in these cases) is the best way to handle it. Openness is the best course again, I think. You cite the 'control' line; first of all, I don't think 'knowing' something is the same as 'controlling' that thing. Second, corporations and governments are social forms - they can't 'do' anything, they require people to 'do' those same things. I'd like those organizations to be (and aspire consistently to continue being) as open as I would like to be. This openness will, in turn, help ameliorate any risk of 'control' the individuals which make up those organizations might like to exert.

In short, I think it's impossible for an open society to be unfree. I think an unopen society is unfree by its very nature.

I know this is all a little idealistic and hard to swallow. I can guarantee you that I'm not perfect in this regard; there are plenty of things I keep secret, and a ream full of foolish reasons and rationalizations I invent to justify that secrecy. But I do believe that we should aspire to be better; and work towards our goals - not simply clamp down and remain silent out of frustration and fear.

Originally posted by Karoch Sharon: I suppose I'd like to think that someone who felt the need to do violence to others would be able to get the help they need to feel secure enough in themselves that they no longer felt those urges. I don't *want* violence to befall any person, regardless of their beliefs. Again, I don't think that keeping the violence secret (which is usually the kind of 'privacy' you are talking about in these cases) is the best way to handle it. Openness is the best course again, I think. You cite the 'control' line; first of all, I don't think 'knowing' something is the same as 'controlling' that thing. Second, corporations and governments are social forms - they can't 'do' anything, they require people to 'do' those same things. I'd like those organizations to be (and aspire consistently to continue being) as open as I would like to be. This openness will, in turn, help ameliorate any risk of 'control' the individuals which make up those organizations might like to exert.

In short, I think it's impossible for an open society to be unfree. I think an unopen society is unfree by its very nature.

I know this is all a little idealistic and hard to swallow. I can guarantee you that I'm not perfect in this regard; there are plenty of things I keep secret, and a ream full of foolish reasons and rationalizations I invent to justify that secrecy. But I do believe that we should aspire to be better; and work towards our goals - not simply clamp down and remain silent out of frustration and fear.

Thanks all of you for your replies, I'm enjoying the discussion.

North00 makes an excellent point about hiding from an abusive spouse, witness protection, and other such circumstances. You haven't answered that issue at all.

Originally posted by Karoch Sharon: I suppose I'd like to think that someone who felt the need to do violence to others would be able to get the help they need to feel secure enough in themselves that they no longer felt those urges. I don't *want* violence to befall any person, regardless of their beliefs. Again, I don't think that keeping the violence secret (which is usually the kind of 'privacy' you are talking about in these cases) is the best way to handle it. Openness is the best course again, I think. You cite the 'control' line; first of all, I don't think 'knowing' something is the same as 'controlling' that thing. Second, corporations and governments are social forms - they can't 'do' anything, they require people to 'do' those same things. I'd like those organizations to be (and aspire consistently to continue being) as open as I would like to be. This openness will, in turn, help ameliorate any risk of 'control' the individuals which make up those organizations might like to exert.

In short, I think it's impossible for an open society to be unfree. I think an unopen society is unfree by its very nature.

I know this is all a little idealistic and hard to swallow. I can guarantee you that I'm not perfect in this regard; there are plenty of things I keep secret, and a ream full of foolish reasons and rationalizations I invent to justify that secrecy. But I do believe that we should aspire to be better; and work towards our goals - not simply clamp down and remain silent out of frustration and fear.

Thanks all of you for your replies, I'm enjoying the discussion.

North00 makes an excellent point about hiding from an abusive spouse, witness protection, and other such circumstances. You haven't answered that issue at all.

I don't have a direct response at the moment, I need to think about it; but I don't think that privacy stops spousal abuse. I do think that openness would help prevent it.

This is "information liberalism". If you think that the free flow of information is w/o justification for the personal security of each perspective person in it. If you believe that the individual has an inherent right to the free flow of information with the security of that person's information. You are an "information conservative". From a 'Federalist viewpoint, the Federalist believes that the 'centralization will be the savior through law for itself, and a justification for actually being then a 'Liberal Federalist' - there actually is not a way to implement this since the individual has not a way to include themselves 'secure' w/o first disclosing the same information to the same centralized 'accounting'. .... and so on. The 'privacy' laws enacted for 'privacy' were actually none of the same. It merely allocated space for which to departmentalize 'declarations' were made where there was the moot topic at one time of 'secured privacy'. The media has picked up that point long back. So that it has swung into something as a convenient point of 'political correctness', but as known, the implementation is anything but moot. Not everybody is receptive at the objectivity of the 'guarantee of security' - it should be a common courtesy. It should be proved, to a yet undefined 'liberal federalism'. Which will fail at combining detail for itself on the whole. Of which none in the singular would be said to have of themselves. It is more politically correct to state that there should be a "reasonable expectation of security". Privacy is something in the past tense - something that in holding can only prove revealed. If it is secure, you have that courtesy proven, intact. The "information gap" deals with an objective viewpoint, that is a highly redeemable asset. I like the ideals of copyright, and DMCA in this respect - if they were attached to personally secured information, the objective, and obscurity would see about the same respect.
One is the written right, the other is the right of a lock to have the security to the device that describes it. They don't need to be ironic, and contrasted, however they can be both, and as well in common.

Originally posted by Karoch Sharon: I don't have a direct response at the moment, I need to think about it; but I don't think that privacy stops spousal abuse. I do think that openness would help prevent it.

Privacy doesn't "stop spouse abuse" -- like any other crime, there's little way to "stop" it, save in individual cases.

It *can*, however, stop a specific case of abuse, or protect an abusee who has fled.

The idea of "zero privacy" is an interesting thought experiment, but like most such ideas, is unworkable in the world (just as much as total privacy would be unworkable).

First, I would like to declare that all my internets searches for "midget panda sex" are entirely for research purposes only! Furthermore, all my other online activity, up to and including my Pirate Bay-related uhh... investigations, was also purely for research purposes. I will not have these facts ignored, your honor... I mean, sir!

OK, now that that formality is out of the way, I would say that it shouldn't be too difficult to truly "anonymize" data. The morons listed in the article simply don't seem to be removing enough PII from their data sets. For instance, although it doesn't explain Latanya Sweeney's methodology for deciphering the GIC's medical data (no, I can't read her entire 140-page paper on the subject), it appears she did so mainly using the state employees' birth dates and sexes. That particular information could be useful in determining the causes of hospital visits, and maybe identify any patterns -- say, a spate of 25-45 y.o. men seeking treatment for syphilis a month after a weeklong conference of state employees that was heavily serviced by prostitutes. That info could have been left out of the public release, or at the very least securely or randomly encoded. Just one man's opinion.
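A pre-release check related to the comment above, as an added example that is not part of the thread: it counts how many rows share each combination of ZIP code, birth date and sex (the fields in the article's Weld story) and shows how coarsening those fields changes the smallest group size. The rows, the field layout and the four generalization levels are constructed assumptions.

```python
from collections import Counter

# Constructed sample rows (not real data): ZIP, birth date, sex, diagnosis code.
RECORDS = [
    ("02138", "1945-07-31", "M", "dx-A"),
    ("02138", "1945-02-11", "M", "dx-B"),
    ("02139", "1945-07-31", "M", "dx-C"),
    ("02139", "1948-03-02", "M", "dx-D"),
    ("02138", "1962-05-09", "F", "dx-E"),
    ("02138", "1962-11-23", "F", "dx-F"),
    ("02139", "1967-01-15", "F", "dx-G"),
    ("02139", "1969-08-30", "F", "dx-H"),
    ("02140", "1971-04-04", "M", "dx-I"),
    ("02141", "1978-09-19", "M", "dx-J"),
]

def quasi_id(row, level):
    """Quasi-identifier tuple for a row at an assumed generalization level."""
    zip_code, dob, sex, _diagnosis = row
    year = int(dob[:4])
    if level == 0:                      # as released: full ZIP, full date, sex
        return (zip_code, dob, sex)
    if level == 1:                      # birth date coarsened to year
        return (zip_code, year, sex)
    decade = year // 10 * 10
    if level == 2:                      # 3-digit ZIP prefix, birth decade
        return (zip_code[:3], decade, sex)
    if level == 3:                      # same, with sex suppressed
        return (zip_code[:3], decade, "*")
    raise ValueError(f"unknown generalization level: {level}")

def class_sizes(rows, level):
    """How many rows share each quasi-identifier combination."""
    return Counter(quasi_id(r, level) for r in rows)

def k_anonymity(rows, level):
    """Smallest group size; k == 1 means some row is unique on these fields."""
    sizes = class_sizes(rows, level)
    return min(sizes.values()) if sizes else 0

def unique_fraction(rows, level):
    """Share of rows that are the only member of their group."""
    if not rows:
        return 0.0
    sizes = class_sizes(rows, level)
    return sum(1 for r in rows if sizes[quasi_id(r, level)] == 1) / len(rows)

def min_level_for_k(rows, k, levels=(0, 1, 2, 3)):
    """First level whose smallest group has at least k rows, else None."""
    for level in levels:
        if k_anonymity(rows, level) >= k:
            return level
    return None

if __name__ == "__main__":
    for level in range(4):
        print(level, k_anonymity(RECORDS, level), unique_fraction(RECORDS, level))
```

On this sample, dropping names changes nothing at level 0 because every row is still unique on the three remaining fields, and no level in the ladder reaches groups of three.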